Contributed by tbert on from the Windows ^ X11 dept.
Mike Larkin has been slow at informing the world, despite my prodding. Probably started working on something else cool...
So.. I am going to take it upon myself to sing praise to him, and hopefully he'll let me off lightly! Over the last two months Mike modified the amd64 kernel to follow the W^X principles. It started as a humble exercise to fix the .rodata segment, and kind of went crazy. As a result, no part of the kernel address space is writeable and executable simultaneously. At least that is the idea, modulo mistakes. Final attention to detail (which some of you experienced in buggy drafts in snapshots) was to make the MP and ACPI trampolines follow W^X, furthermore they are unmapped when not required. Some further amd64-specific page attribute improvements snuck in. Too complicated to describe simply. I followed along for the ride and improved the situation on other architectures, mostly MI improvements so the right requests would be made to the MD layers. Final picture is many architectures were improved, but amd64 and sparc64 look the best due to MMU features available to service the W^X model. The entire safety model is also improved by a limited form of kernel ASLR (the code segment does not move around yet, but data and page table ASLR is fairly good. There are some known pages, but hopefully fewer in the future).
To which Mike Larkin (mlarkin@) replied:
Thanks Theo for the encouragement along the way. It did indeed start with .rodata, but then we ended up fixing a ton more; probably a dozen different places needed tightening up. i386 is next, but that requires a PAE paging model and compatible CPU. I've got the PAE mode booting but it's not ready for prime time yet.
Thanks to Mike for this work! Hopefully we'll see this in more arches soon!
(Comments are closed)